Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"JScript Phantom Botnet Initial Checkin"; flow:established,to_server; content:"POST"; http_method; content:"action=getSerial|26|computer_name="; http_client_body; content:"|26|username="; http_client_body; content:"|26|version="; http_client_body; content:"Content-Type|3a 20|application/x-www-form-urlencoded"; http_header; classtype:trojan-activity; sid:20166271; rev:1; metadata:created_at 2018_12_1;)
- alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"JScript Phantom Botnet Checkin"; flow:established,to_server; content:"POST"; http_method; content:"action=getCommand|26|uid="; http_client_body; content:"Content-Type|3a 20|application/x-www-form-urlencoded"; http_header; classtype:trojan-activity; sid:20166272; rev:1; metadata:created_at 2018_12_1;)
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement